Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Submission + - Apple announces a trade-in program for 3rd party chargers 1

EliSowash writes: In response to recent reports of safety concerns around 3rd party chargers for iDevices, Apple announced today that beginning August 16, 2013, you can trade in your 3rd party adapter and purchase an official Apple charger at a “special price” — $10 USD.

From their website: “To qualify, you must turn in at least one USB power adapter and bring your iPhone, iPad, or iPod to an Apple Retail Store or participating Apple Authorized Service Provider for serial number validation. The special pricing on Apple USB power adapters is limited to one adapter for each iPhone, iPad, and iPod you own and is valid until October 18, 2013.”

Submission + - Operation b58 takes down Bamital botnet (symantec.com)

EliSowash writes: "This week the Botnet known as Bamital has been reported dead by the two warriors that claim to have killed it: Symantec and Microsoft. A six-week monitoring period of Balmital revealed 1.8 million unique IP addresses communicating with its command and control server, Symantic says. That resulted in an average of three million clicks hi-jacked per day. Owners of infected computers trying to complete a search query will now be directed to an official Microsoft and Symantec webpage that explains the problem and provides information and resources to remove the Bamital infection and other malware from their computers."

Submission + - New Ransomware Encrypts Victim Data (threatpost.com)

EliSowash writes: "An unusual new strain of ransomware of ransomware makes good on its threat, doing what the majority of other varieties only claim to do. The Trojan actually encrypts data on infected machines, effectively rendering certain files inaccessible to users on compromised computers in order to block removal.

The Trojan displays a warning, that some illegal content has been found on their computer but, researcher Hynek Blinka has witnessed the Trojan encrypting images, documents and executables in an attempt to hinder any removal attempts."


Submission + - Android Malware increased nearly 600% in Q3 (zdnet.com)

EliSowash writes: "Trend Micro has released their third quarter roundup report, and the attention-grabbing statistic seems to be the sudden leap in mobile malware.

Specifically, Trend Micro said that malware targeting Android increased nearly sixfold in Q3 2012 to approximately 175,000 malicious and "potentially dangerous" high-risk Android apps between July and September. The bulk of that was found to be adware, which Trend Micro lamented that people think of adware as typically "non-threatening."

A fine line exists between collecting data for simple advertising use and violating one's privacy. Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out."


Submission + - New State-Sponsered Malware "Gauss" making the rounds (wired.com)

EliSowash writes: "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the “Tilded” platform on which Stuxnet was developed, Gauss is based on the “Flame” platform."

Submission + - 'Luckycat' Advanced Persistent Threat Campaign Building Android Malware (darkreading.com)

EliSowash writes: "The attackers behind the recent Luckycat APT-type attack campaign are in the process of developing malware aimed at the Android, a researcher with Trend Micro said in a presentation at Defcon last week. Luckycat, an attack campaign with ties to Chinese hackers that targets Indian and Japanese military research institutions and the Tibetan community, last year also began targeting Mac OS X users."

Submission + - New version of the MaControl trojan spotted in the wild (sans.edu)

EliSowash writes: "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behaviour, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won’t be surprising to see a spike in such attacks soon.

MaControl has been mentioned before on Slashdot"


Submission + - Stuxnet, Duqu, Flame Targeted pirated Windows Systems In Iran (darkreading.com)

EliSowash writes: "An oft-overlooked detail about Stuxnet, Duqu, and Flame is that the attacks all targeted Windows machines in Iran even though Windows isn't allowed to be sold there under U.S. export restriction laws.

Software piracy and smuggling are a big problem in countries, such as Iran, that are banned from many high technology imports under economic sanctions. Stopping those illegal activities in Iran and other trade-sanctioned countries is difficult and often unrealistic, leaving many U.S. vendors to come to accept that their software is pirated there."


Submission + - First Android Bootkit discovered in 3rd Party Appstores (nq.com)

EliSowash writes: "Researchers at NQ Mobile have uncovered what they say may be the first Google Android bootkit. Dubbed DKFBootKit, the malware was spotted on third-party app stores.

"DKFBootKit is able to steal personal information from user devices," notes Xuxian Jiang, NQ Mobile's chief scientist. "More alarmingly, it is a bot client that can retrieve and run commands from remote C&C servers." In the past two weeks, DKFBootKit has infected more than 1,657 Android devices."

The Internet

Submission + - Could Anonymous bring down the web?

EliSowash writes: "I once heard Anonymous described as "a handful of geniuses surrounded by a legion of idiots.” But, they've made it pretty clear they intend to "shut down the internet" on March 31 in what they call Operation Global Blackout. Their "plan" is to knock out the 13 root DNS servers. Seems easy enough, right? The IP addresses are published, there's only 13, seems a prime target for a DDoS.

But, as Cricket Liu explaints , the real world just ain't that easy. The boffins that manage the root DNS servers have designed a fault tolerant and resiliant infrastructure. Those 13 IP addresses actually represent about 280 individual name servers, unicasting across the internet in such a way that a DDoS is practically impossible."

Submission + - Ask Slashdot: Would you wear a "vibrating tattoo?" (wsj.com)

EliSowash writes: "Nokia is proposing “a material attachable to skin, the material capable of detecting a magnetic field and transferring a perceivable stimulus to the skin, wherein the perceivable stimulus relates to the magnetic field.” The material would react to magnetic signals emitted by a nearby electronic device, such as a smartphone, and that magnetic field would interact with the tattoo, causing it to vibrate.

Sounds to me like more of a 'patch' than a 'tattoo' but that's the language they used in the patent and not really the point.

So...would you? Are you so connected that you'd attach a notifier directly to you? And (dare I ask) just where would you put it??"


Submission + - Web SSO contains big flaws, reseach says (darkreading.com)

EliSowash writes: "As more and more organizations tap into single sign-on (SSO) schemes through Web services providers such as Google and Facebook, new research suggests that they must better plan how they implement SSO APIs lest they leave users open to attack. New findings by Microsoft Research found troubling logic flaws in SSO for
Facebook , Google , PayPal , and other Web services that threaten a large number of users online.

According to the report (PDF), many of the problems associated with spotting flaws in Web services SSO implementations are a result of individual developer's idiosyncratic methods of integrating the APIs, SDKs, and sample code offered up by identity providers. In particular, the report noted that developers of today's Web SSO systems fail to fully lock down the process of token exchange in order to protect and verify the token from malicious adversaries."


Submission + - Wordpress Malware Injection affecting 200,000 web pages (websense.com)

EliSowash writes: "Researchers at Websense have detected a widespread rogue antivirus campaign targeting more than 200,000 Webpages and close to 30,000 unique Web hosts. The attack uses HTML injection to infect a massive number of Websites with various versions of WordPress installed. When a victim visits one of the infected sites, he or she is redirected to a site hosting rogue antivirus. After a three-level redirection chain, victims land on a fake AV site, which executes a variant of FakeAlert."

Submission + - Anonymous Partners With WikiLeaks, Then Turns On Stratfor (informationweek.com)

EliSowash writes: "Stratfor appears to have run afoul of Anonymous and WikiLeaks on account of its intelligence-gathering activities. A blog post published Sunday accused Stratfor of being "a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations." The two have announced a partnership, followed by the release of 5 million emails from the Texas "subscription-based provider of geopolicital analysis."

The new leak represents a homecoming for WikiLeaks, which has released few documents after publishing a massive trove of sensitive, unredacted government cables."


Submission + - Mcafee Report says Mobile Malware on the rise (darkreading.com)

EliSowash writes: "Mcafee reports that mobile malware hit more than 400 unique samples in Q4 2011, nearly quadrupuling the previous quarter, and total unique malware samples topped 75 million. According to Adam Wosotowsky , senior anti-spam analyst and author of the report, malware authors are changing their tactics. "They are moving to a persistent model, where they are trying to get into corporations and steal intellectual property, more money, and to maintain the infection for a long period of time." Cybercrime and hacktivism were also notable in the last quarter of 2011, particularly the activities of Anonymous, LulzSec, and Sabu. The full report is available here (PDF)."

All power corrupts, but we need electricity.